The Whiteclick SEO blog aims to keep you up to date with the latest in the search engine optimisation and marketing industry and the company.

5 Tips to Improve Your Website Security

- Friday, September 30, 2011

Website security is an often-overlooked part of developing a site. Everyone says 'yes, we provide the utmost in web security', but what do they actually do? What questions can you ask your web design company to make sure they're actually doing it? And what steps can you take to help protect your site? Read on...

Open source software is much more prevalent in the market these days. We use it ourselves. CMSs like WordPress, Drupal and Magento are now common bits of software that people know about. These are great tools, but you must keep them updated. While we love open source, it does mean that the code is available to anyone, and that means those with not-so-good intentions can try to find security holes to exploit. The open source community is pretty good with this - there are always updates available, and it's highly recommended you keep your software up to date!

There's another really common scenario with open source software. And that's the install folder/files! You must remove these once the software is installed. Otherwise anyone can come along and reinstall it. And if you don't back up your site regularly, this can have a devastating effect. So don't just rename the install files - make sure you remove them completely.
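One way to check this on your own server, as an added example that is not part of the original article: a Python script that walks a web root and lists files or folders whose names look like installers, including renamed copies. The name patterns and the sample directory layout are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed name patterns (not from the article): installer files or folders,
# including renamed copies such as install_old or install.php.bak.
INSTALLER_NAME = re.compile(
    r"^[._]?(install|installer|installation|setup)([._-].*)?$", re.IGNORECASE
)


def find_installer_leftovers(webroot):
    """Return sorted relative paths under webroot whose name looks like an installer."""
    hits = []
    for current, dirs, files in os.walk(webroot):
        for name in dirs + files:
            if INSTALLER_NAME.match(name):
                rel = os.path.relpath(os.path.join(current, name), webroot)
                hits.append(rel.replace(os.sep, "/"))
        # A flagged folder is reported once; do not descend into it.
        dirs[:] = [d for d in dirs if not INSTALLER_NAME.match(d)]
    return sorted(hits)


def build_sample_site(root):
    """Create a constructed sample web root (not a real CMS layout)."""
    layout = [
        "index.php",
        "install_old/index.php",        # renamed folder, still reachable
        "shop/install.php.bak",         # renamed file
        "blog/installation/step1.php",  # untouched install folder
        "blog/themes/plugin-install-notes.txt",  # unrelated name, no hit
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return find_installer_leftovers(root)


if __name__ == "__main__":
    for hit in demo():
        print("review and remove:", hit)
```

Point `find_installer_leftovers` at your real web root and treat each hit as something to review, since a matching name alone does not prove the installer can still be run.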

So, you've got your software up-to-date, and have removed the install files/folder. What's next? How about your login and passwords? I hope you're not using the default admin:admin or admin:admin123. That would be a bad idea. Go and check this. Now. And if it's default, change it. Heck, why don't you change it regardless!

OK, now we're going to get a bit more technical. You'll most likely have heard of SSL. What's this? It stands for 'Secure Sockets Layer'. That probably still doesn't mean anything to you. Well, to put it simply, it's a security protocol that ensures that data sent over the Internet is encrypted. You'll often see secure web sites displayed with a nice little padlock in your browser.

So when you're using a web site with an SSL certificate, any data that's transmitted between your computer and the web site server is secure (read: encrypted). This means that no-gooders who are 'listening' to this to-and-fro traffic can't see what's being sent. Which is a really good idea when you're sending private information. Like credit card details. So, if your web site sends and receives private information, it's a good idea to use SSL.

There's a bunch of different providers of SSL certificates out there: Verisign, RapidSSL and Comodo, to name a few. And of course, if that's all a bit confusing, get in touch and we'll talk you through it.

Next up, do you have an online store? Take payments? I hope you're using a secure payment gateway. If not, maybe you're storing credit card information. Please, please tell me you're using SSL. And if you are, you do know this is just a start, right?

SSL doesn't completely protect your web site. It does protect the data being transmitted to and from your site. But that's not the information your site holds!

The majority of online stores use a database. And if that database holds credit card information, it makes it a very desirable target for scammers or hackers. Don't think it won't happen to you.

What's the moral of this story? Only store credit card details if you absolutely must. If you can use a third party payment gateway (PayPal, eWay, etc.) it does remove the burden somewhat. And if you decide to store the info regardless, encrypt it. Plaintext passwords with credit card details are just a recipe for disaster.

Right, I hope this article has shed some light on web site security for you. This is by no means an exhaustive list. It's just a few simple (and not so simple!) steps you can take to help. If it all seems a bit overwhelming, drop us a line, we'd be happy to help. Adios!